IAG Forensics and Valuation MTBN Global Rehabilitation Consultants A-Action Bail Bonds Fidelity Bank Insurance Specialists: Security for your family
•   Articles
•   Announcements
•   Columns
•   New Members
<< Back

PayPal Fraud – Are Your Funds Safe?

By Pat Salem, CPA, CFE
IAG Forensics & Valuation
pat@iagforensics.com

Technology is constantly evolving as industry experts find new and improved ways to do things. They have brought us banking by phone, transfers via texting and mobile payments with Square. Even before these technologies became globally available, we were making on-line payments using service providers such as PayPal, SecurePay and Authorize.net.

As technology evolves the question businesses need to ask is, are the internal controls evolving as well?

Take PayPal, for instance. PayPal provides individuals and businesses a quick and easy way to make and receive payments and to transfer funds. It takes only minutes to set-up a PayPal account and link this account to your bank, credit card and debit card accounts. Once you have done that, you can start transferring funds or making payments to any vendors that accept payments by PayPal. You can make payments through the Internet, with your phone or using a PayPal debit card. You can even withdraw cash from ATMs using a PayPal debit card. Just add a PayPal button to your website, and you’re ready to start receiving payments from others.

While these marvels in technology make our lives easier, they also present challenges that we must consider and address before implementing this technology. Has your business or law firm put into place the proper internal controls to help mitigate any risks associated with funds maintained in your PayPal account? Any business leader or owner should ask themselves these questions:

If you do not know the answer to these questions, your internal controls may be inadequate. To protect your organization from misuse or misappropriation of funds held in a PayPal account, you may want to consider implementing the following internal controls:

If you do not put the proper internal controls in place, your organization may face problems similar to the following examples.

A North Georgia Animal Shelter

The director of a North Georgia no-kill animal shelter diverted funds from their intended purpose using them instead for personal benefit. The director set up PayPal accounts to accept donations for a Lucky Dog and Lucky Cat program that would have sponsored pets that might otherwise have been euthanized. The director, however, did not use the PayPal funds in the manner advertised. Donations totaling $10,550 were transferred from the shelter’s PayPal accounts to the director’s personal bank accounts. Several animals, for which donations had been received, were euthanized. The following timeline shows the flow of cash from two of the shelter’s PayPal accounts to one of the director’s personal bank accounts over a four-month period.

 

 

As demonstrated in the timeline, transfers from the shelter’s PayPal accounts to the director’s personal bank accounts, were frequently followed by cash withdrawals and trips to Harrah’s Cherokee Casino.

The shelter’s inadequate internal controls resulted not only in the misappropriation of shelter funds, but more tragically, in the deaths of innocent dogs and cats.

The former director of the animal shelter was charged and convicted of numerous offenses and sentenced to 10 years in prison. As of January of this year, the former director remained incarcerated.

A Not-for-Profit Organization

Over a five-and-a-half year period, the operations manager of a not-for-profit organization diverted nearly $500,000 of funds from their intended purpose to be used instead for personal benefit. The operations manager set-up a PayPal account through which individuals and other entities could make donations to further the mission of the organization. Rather than transferring these donations to the organization’s bank account, the operations manager used these funds for personal benefit, paying for clothing, entertainment, meals, personal grooming and travel. Purchases were made over the Internet at websites that accepted PayPal as a form of payment. Purchases were also made at brick and mortar establishments using a PayPal debit card or a mobile phone tied to the PayPal account. The operations manager also withdrew cash from ATMs at numerous locations within and outside of the United States.

Similar circumstances were present in each of the above cases and should be red flags for potential abuse:

Don’t let your funds pay someone’s holiday – institute internal procedures to keep your funds where they should be.

Is your organization or your client’s company or non-profit adequately protected against misappropriation of funds from its PayPal accounts? If you have any questions or need assistance in a fraud matter, please call Pat Salem at 770-635-1698 or Karen Fortune at 770-635-1699. 

Leave a Reply

By submitting a comment here you grant DeKalb Bar News a perpetual license to reproduce your words and name/web site in attribution. Inappropriate or irrelevant comments will be removed at the Editor's discretion.